Login

Tag Archives: Groundhogg

5 Sep 2019

Our Proactive Monitoring Caught an Arbitrary File Viewing Vulnerability in Groundhogg

One of the ways we help to improve the security of WordPress plugins, not just for the customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Due to recent improvements to that we caught an arbitrary file viewing vulnerability, which is a type of vulnerability likely to be exploited, in the plugin Groundhogg.

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. That tool flags the possibility of other issues in this plugin as well. [Read more]

5 Apr 2019

Our Proactive Monitoring Caught an Authenticated Remote Code Execution (RCE) Vulnerability Being Introduced in to Groundhogg

Occasionally our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities catches an easy to confirm vulnerability and that was the case with an authenticated remote code execution (RCE) vulnerability being introduced in to the plugin Groundhogg, which is also exploitable through cross-site request forgery (CSRF).

Since our Plugin Security Checker utilizes the same checks, it will alert you if plugins you use possibly contain the same type vulnerable code (and other types of vulnerable code). From there if you are a paying customer of our service you can suggest/vote for it to receive a security review that will check over that or you can order the same type of review separately. [Read more]